Logo for KMC Solutions

XTN-3E78732 | SECURITY ANALYST – PRODUCT & VENDOR

Role overview

Qualifications

  • 3+ years’ experience in security analysis
  • Security architecture review
  • Application security
  • Third-party/vendor risk management

Responsibilities

  • Perform detailed security architecture and application reviews of third-party vendors, SaaS platforms, and external services.
  • Request and evaluate vendor documentation (architecture diagrams, security practices and policies, compliance reports such as SOC 2 / ISO 27001, penetration test summaries, data flow and integration diagrams).
  • Conduct independent OSINT research to understand vendor architectures and security posture when documentation is incomplete or unclear.
  • Translate technical findings into a structured risk-reporting document used by the GRC team for formal risk reporting.

About the company

KMC Solutions logo

KMC Solutions

Real Estate Management & Development

The #1 flexible office space and fastest-growing EOR provider in the Philippines #DefyLimits 🚀

Company details

Company typeLarge
IndustryReal Estate Management & Development
Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

We are seeking a Security Analyst to support the organization’s Third-Party Risk Management (TPRM) program, with a primary focus on application and security architecture reviews of external vendors and SaaS providers.

This role sits at the intersection of security architecture, vendor assessment, and GRC reporting. The analyst will evaluate vendor-provided documentation, analyze cloud-based technology stacks, and produce structured security assessment outputs that feed directly into the GRC team’s formal risk reporting process.

A key part of this role involves working with incomplete or unclear vendor documentation and performing independent research (including OSINT techniques) to accurately understand vendor architectures and security posture.

  • Health Insurance/HMO 
  • Enjoy unlimited MadMax Coffee
  • Diverse learning & growth opportunities
  • Accessible Cloud HR platform (Sprout)
  • Above standard leaves

Key Responsibilities

  • Perform detailed security architecture and application reviews of third-party vendors, SaaS platforms, and external services.
  • Request and evaluate vendor documentation such as:

Architecture diagrams

  • Security practices and policies
  • Compliance reports (SOC 2, ISO 27001, etc.)
  • Penetration test summaries
  • Data flow and integration diagrams
  • Use a standardized internal assessment framework to evaluate expected controls and determine vendor risk levels.
  • Translate technical findings into a structured document used by the GRC team for formal risk reporting.
  • Conduct independent research and OSINT analysis when vendor documentation is incomplete or missing.
  • Assess a wide variety of modern and niche cloud-based technology stacks.
  • Communicate directly with vendors to clarify architecture, controls, and security posture.
  • Collaborate primarily with GRC and occasionally with Procurement and Engineering during vendor evaluations.
  • Manage multiple concurrent vendor assessments with minimal supervision.

Required Skills & Experience

  • 3+ years’ experience in any of the following:
  • Security analysis
  • Security architecture review
  • Application security
  • Third-party/vendor risk management
  • Cloud security assessment

Strong ability to interpret:

  • Architecture diagrams
  • Security documentation
  • Data flows and system integrations
  • Familiarity with cloud-based and SaaS technology stacks.
  • Experience evaluating vendor security posture against defined security control requirements.
  • Strong analytical, research, and documentation skills.
  • Comfortable working with ambiguous or incomplete information.
  • Self-motivated and able to work independently across multiple assessments.

Highly Preferred

  • Experience in Third-Party Risk Management (TPRM) or Supply Chain Risk Management.
  • Experience performing security reviews for SaaS or cloud vendors.
  • Familiarity with OSINT techniques for technology and architecture research.
  • Exposure to GRC processes and risk reporting.

Key Traits for Success

  • Naturally curious and investigative mindset.
  • Comfortable navigating unfamiliar technologies and niche stacks.
  • Detail-oriented with strong written communication skills.
  • Able to translate technical architecture into risk language for GRC reporting.
  • Proactive, independent, and highly organized.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Analyst Related jobs

Other jobs at KMC Solutions

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.